#privilege-escalation

1h ago · 9 min read · Real-Time Privilege Escalation Detection with Streaming SQL Privilege escalation sits at the center of virtually every successful breach. An attacker who starts with phished credentials or an insider who begins with read-only access must elevate perm...

Join discussion

HHugohugovalters.hashnode.dev

0

The 'Domain Admin' Ego Trip: Why Handing Out DA Privileges Guarantees a Ransomware Outbreak

Apr 11 · 3 min read · I frequently audit corporate networks where 15 different people are sitting in the Domain Admins group. When I ask the IT Director why the junior helpdesk tech and the database administrator hold the literal keys to the entire Active Directory forest...

Join discussion

JJebitoksharonjebitok.com

0

Develpy (CTF Challenge - THM)

Mar 28 · 6 min read · Introduction Develpy is a beginner-friendly TryHackMe challenge that focuses on code injection and privilege escalation via cron job abuse. The attack surface starts with a custom Python 2 service r

Join discussion

JJebitoksharonjebitok.com

0

Break Out The Cage (CTF Challenge - THM)

Mar 28 · 18 min read · INTRO In this TryHackMe room, Break Out The Cage, we step into a Nicolas Cage-themed CTF that layers enumeration, classical cryptography, and privilege escalation into a full attack chain. The challen

Join discussion

JJebitoksharonjebitok.com

0

Team (CTF Challenge - THM)

Mar 28 · 8 min read · nmap -p- -sV IP_Address PORT STATE SERVICE VERSION 21/tcp open ftp vsftpd 3.0.5 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.13 (Ubuntu Linux; protocol 2.0) 80/tcp open http Apache h

Join discussion

JJebitoksharonjebitok.com

0

Wonderland (CTF Challenge - THM)

Mar 28 · 12 min read · Intro: Wonderland is a beginner-friendly CTF room on TryHackMe themed around Lewis Carroll's Alice in Wonderland. The challenge walks through a full attack chain — web enumeration, steganography hints

Join discussion

WBWiktoria Blomgren Strandbergpentesting-dvwa.hashnode.dev

0

API Security in DVWA

Mar 21 · 29 min read · 1 Introduction In this post, the API Security vulnerability in the Damn Vulnerable Web Application (DVWA) is described. The objective for attacks across all security levels is to exploit weaknesses in

Join discussion

WBWiktoria Blomgren Strandbergpentesting-dvwa.hashnode.dev

0

Authorisation Bypass in DVWA

Mar 8 · 13 min read · 1 Introduction In this post, the Authorisation Bypass vulnerability in the Damn Vulnerable Web Application (DVWA) is described. The objective for attacks on all levels is to identify any areas where a

Join discussion

RRCE.0psrceops.hashnode.dev

0

Active Directory Enumeration: ldeep

Feb 27 · 16 min read · ldeep is a post-exploitation LDAP enumeration tool designed for use in Active Directory environments. It enables red teamers, security professionals, and penetration testers to query domain objects an

Join discussion

RRCE.0psrceops.hashnode.dev

0

Jenkins Penetration Testing

Feb 27 · 6 min read · Jenkins Penetration Testing is essential for identifying security vulnerabilities in Jenkins, an open-source automation server used for continuous integration (CI) and continuous delivery (CD). Built

Join discussion

Tag feed

#privilege-escalation

Tag feed

#privilege-escalation

Trending tags this week

Real-Time Privilege Escalation Detection with Streaming SQL